From c140bb26d2b1c2c9ea5edaf358f1bd182e856a7e Mon Sep 17 00:00:00 2001 From: 0xInfection Date: Tue, 19 Feb 2019 18:47:22 +0530 Subject: [PATCH] Added more stuff --- README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 2fc1a8b..693fa14 100644 --- a/README.md +++ b/README.md @@ -1414,16 +1414,16 @@ Wanna detect WAFs? Lets see how. -## Evasion Techniques +# Evasion Techniques Lets look at some methods of bypassing and evading WAFs. -### Fuzzing/Bruteforcing: -#### Method: +## Fuzzing/Bruteforcing: +### Method: Running a set of payloads against the URL/endpoint. Some nice fuzzing wordlists: - Wordlists specifically for fuzzing - [Seclists Fuzzing](https://github.com/danielmiessler/SecLists/tree/master/Fuzzing). - Can be done with automated tools like BurpSuite Intruder. -#### Technique: +### Technique: - Load up your wordlist into Burp Intruder/custom fuzzer and start the bruteforce. - Record/log all responses from the different payloads fuzzed. @@ -1431,17 +1431,17 @@ Running a set of payloads against the URL/endpoint. Some nice fuzzing wordlists: - If blocking noticed, increase fuzz latency (eg. 2-4 secs) - Always use proxies, since chances are real that your IP gets blocked. -__Drawback:__ +### Drawbacks: - This method often fails. - Many a times your IP will be blocked (temporarily/permanently). -### Regex-Reversing: -#### Method: +## Regex-Reversing: +### Method: - Most efficient method of bypassing WAFs. - Some WAFs rely upon matching the attack payloads with the signatures in their databases. - Payload matches the reg-ex the WAF triggers alarm. -#### Techniques: +### Techniques: ### __Keyword Filter Detection/Bypass__
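Review bot: In the first hunk (README.md around line 1414), the promoted `### Method:` and `### Technique:` headings use generic names that the second hunk repeats under Regex-Reversing, so their rendered anchors will collide and differ only by an auto-generated numeric suffix, which makes deep links into either section fragile. Consider section-specific names (for example "Fuzzing: Method") or keeping these labels as bold text rather than headings. The singular `### Technique:` here also heads a multi-item list while the second section uses `### Techniques:`; pick one form and drop the trailing colons. Separately, the subject "Added more stuff" does not describe a diff whose 8 insertions and 8 deletions only change heading levels.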
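Review bot: In the second hunk (README.md around line 1431), `### Techniques:` now sits at the same level as the unchanged context line that follows it, `### __Keyword Filter Detection/Bypass__`, so the sub-technique no longer nests under the heading that introduces it. Every other heading in this patch moved up one level but this one was left alone; it should become `#### __Keyword Filter Detection/Bypass__` (or the whole subtree should be shifted consistently), and any sibling sub-technique headings further down the file need the same check. Converting `__Drawback:__` to `### Drawbacks:` also puts the drawbacks list at the same depth as Method and Technique, which is fine if intended, but the Regex-Reversing section shown here has no matching heading.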